The last link argues that Hoffman would have gone too far had he actually released the code for Nikto, as the author originally believed. But Hoffman does not intend to release Nikto into the wild, thus there's no real danger beyond showing people a potential vector for exploitation (but not exactly how to do it). In other words, we're back to the basic issue of publishing security vulnerabilities publicly versus privately.

posted by chrominance at 1:54 PM on March 28, 2007

Yeah, I meant to mention that he didn't actually release the code, just demoed it. But still, it'll be interesting to see how long it takes for either the program itself to find its way into the wild or for someone to write an equivalent tool & release it now that the idea has been planted in people's heads.

posted by scalefree at 2:05 PM on March 28, 2007

This actually is good, if it forces businesses and other site owners to actually get serious about security.

I'm all for it--almost all fixes and patches and security problems are exposed by people like the ones behind this stuff. It's astonishing how insecure so many sites and servers and machines are.

posted by amberglow at 3:46 PM on March 28, 2007

(and all our personal computers too)

posted by amberglow at 3:47 PM on March 28, 2007

Although the code for this tool has not been released, there are plenty of code snippets out there for doing similar things (Javascript browser keystroke loggers, portscanners etc). It was only a matter of time until these individual tools and techniques were refined and made into a general purpose assessment tool like Jikto.

If nothing else, another good example to show people how cross site scripting/inadequate data validation can come back to haunt you in weird and wonderful ways.

posted by inflatablekiwi at 5:32 PM on March 28, 2007
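The comment above points at the root cause behind tools like Jikto: untrusted input that is echoed into a page without encoding. The following is an added example, not code from the thread or from any project named in it; it contrasts the unsafe concatenation pattern with output encoding for an HTML text context. The function names, the `HTML_ESCAPES` table and the sample comment string are all constructed for illustration.

```javascript
// Added example (not from the MetaFilter thread): the defensive side of the
// "inadequate data validation" point above. Untrusted text that reaches an
// HTML context must be encoded so the browser renders it as text rather than
// parsing it as markup.

// Characters that have meaning in HTML and their entity encodings.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Encode a value for insertion into an HTML text or attribute context.
function escapeHtml(untrusted) {
  return String(untrusted).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Constructed sample: a comment body a user might submit. It contains markup
// and characters that would break out of a text context if left raw.
const SAMPLE_COMMENT = 'Nice post <b>not bold</b> & "quoted" \'single\'';

// Vulnerable pattern: user text concatenated straight into markup. Whatever
// tags the user typed become live elements in the page.
function renderCommentUnsafe(body) {
  return '<div class="comment">' + body + '</div>';
}

// Hardened pattern: encode first, so the user's tags arrive as literal text.
function renderCommentSafe(body) {
  return '<div class="comment">' + escapeHtml(body) + '</div>';
}

// Diagnostic helper: does the rendered fragment still carry a raw tag from
// the user-supplied body? (Strips the wrapper div so only the body is checked.)
function bodyContainsRawTag(html) {
  const inner = html.replace(/^<div class="comment">/, '').replace(/<\/div>$/, '');
  return /<[a-z]/i.test(inner);
}

// Stand-alone demonstration when run directly with node.
console.log('unsafe :', renderCommentUnsafe(SAMPLE_COMMENT));
console.log('safe   :', renderCommentSafe(SAMPLE_COMMENT));
```

In a browser the same rule applies to DOM APIs: assigning untrusted text to `textContent` is safe, while assigning it to `innerHTML` is the unsafe pattern shown by `renderCommentUnsafe`. Encoding is context-specific; the table above covers HTML text and quoted attributes, not JavaScript, CSS or URL contexts.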

port scanning by img url (first port scanner link) is simultaneously amusing and scary.

posted by b1tr0t at 6:42 PM on March 28, 2007
